HP exec: Asian telcos don't focus on security

Summary:Telcos in the region are more concerned about generating revenue and keeping subscribers, rather than safeguarding and ensuring privacy of customers' data, which can be exploited by cybercriminals.

SINGAPORE--Asian telcos do not place enough emphasis on IT security, and their weakness lies in their ownership of numerous customer records, which can be exploited by cybercriminals.

According to Wong Loke Yeow, Asia-Pacific and Japan, marketing director of HP's enterprise security, telcos are an "interesting" sector as they prioritize generating revenue and keeping their subscribers from jumping to their competitors, and end up overlooking IT security.

This is a "cause for concern" because the number of cyberattacks are growing in the region and telcos are not focusing enough on protecting customer data, he said at a press briefing here Wednesday.

As cybercriminals have become more sophisticated, such records can "easily" be leaked out through various cyberattack methods, including hacking the network, data centers or database of telcos, or conducting social engineering through their call centers, he warned.

For instance, if a telco increases the cost of subscription, hacktivists may strike back with a denial of service (DoS)or expose their customer records, two common cyberattacks which have been perpetrated on many organizations worldwide, Wong said.

Furthermore, many data protection and privacy laws are starting to spring up in many countries in Asia, and telcos should comply with them to protect the privacy of individuals, he pointed out.

In contrast, the public sector and financial industry are the top two most "security aware" sectors in the Asia-Pacific region, he observed.

This is because they are the most targeted by cybercriminals due to the high level of transactions and large amount of sensitive data, he explained. These two industries are also the earliest adopters of technology to enhance their businesses, and so are able to understand the loopholes that pave way for cybercriminals and react quickly to attacks, he added.

Enterprises need to be more proactive over securityWong's view comes in light of a study by Coleman Parkes Research, commissioned by HP released Wednesday, which found organizations in Asia-Pacific and Japan are becoming more proactive in their security approach.

80 percent of senior business and technology executives surveyed said their organizations' had a C-level executive in charge when it came to security, while 82 percent indicated they were exploring security information and event management (SIEM) measures.

Still, more focus is placed on reactive security measures rather than proactive ones. Less than half of respondents, at 48 percent have an information risk-management strategy in place, while 48 percent manually consolidate information risk-management reports or do not measure risk at all, which hinders their ability to proactively anticipate threats.

The survey comprised 550 phone interviews among senior business and technology executives within large enterprises of more than 1,000 employees and mid-market companies with between 500 to 1,000 employees in July 2012. Asia-Pacific countries surveyed include Australia, China, India, Japan and South Korea

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.